Communication systems often use data encryption techniques to transfer communication data (i.e., traffic) in a secure manner. Security is provided through the use of encryption keys that are used by communication devices (e.g., mobile radios) to encrypt and decrypt the traffic. A common encryption technique for use in communication systems, especially trunked radio communication systems, is a symmetric encryption system (SES) in which the same traffic encryption key is used by a sender to encrypt traffic and by one or more receivers to decrypt the traffic. Typically, a common traffic encryption key is shared by a group of authorized users (e.g., members of a police or fire department) and is updated periodically to increase security. In operation, updates to group traffic encryption keys (GTKs) are transferred to communication devices of all authorized group members so that they may encrypt/decrypt traffic to/from other group members. To preserve the integrity of an SES communication system, the communication system needs to prevent unauthorized individuals from accessing the GTKs.
FIG. 1 depicts a typical encryption key distribution system for distributing GTKs to enable secure communications between group member communication devices, e.g., the communication devices of a group of authorized users. The distribution system includes a key administrator 102 that generates the GTKs, a key distribution and storage facility 104 for storing and distributing the GTKs, and a plurality of group devices (represented by group member #1 communication device 100a and group member #2 communication device 100b) that use the GTKs to encrypt/decrypt traffic between group member communication devices 100a, b. Typical encryption key distribution systems are described in U.S. Pat. No. 5,528,691 to Rosauer et al., U.S. Pat. No. 5,619,572 to Sowa, and U.S. Pat. No. 5,768,380 to Rosauer et al., incorporated fully herein by reference.
In use, the key administrator 102 generates a GTK for use by the group member communication devices 100a, b to encrypt/decrypt traffic. The key administrator 102 passes the current unencrypted GTK to a key distribution and storage facility 104 where it is stored unencrypted. The GTKs is then encrypted using a group encryption key (GEK) and transferred to the individual group member communication devices 100a, b by the key distribution and storage facility 104. The individual group member communication devices 100a, b, using a previously stored GEK identical to the GEK used by the key distribution and storage facility 104 to encrypt the GTK, decrypt the GTK for use in encrypting/decrypting traffic between group devices 100a, b. 
The encryption key distribution system described in reference to FIG. 1 is commonly used in the communication systems employed by many private organizations and by public service organizations, such as police, fire, and ambulance squads. The key administrator 102 and the group member communication devices 100a, b are typically secure, i.e., are under the direct control of a particular organization and its associated personnel. Typically, however, multiple groups use a single key distribution and storage facility 104 that is under the control of a third party, e.g., a private corporation. For example, in a communication system for use by a police department, the police department maintains control over a key administrator 102 that resides on its premises and police officers maintain control over the individual group member communication devices 100a, b. The key distribution and storage facility 104, however, is typically managed by an organization that is not under the direct control of the police department. Since the key distribution and storage facility 104 is under the control of a third party, it is potentially unsecure. Therefore, the potential exists for unauthorized users to gain access to the GTKs stored on the unsecure key distribution and storage facility 104, thereby compromising the integrity of the communication system.
Accordingly, there is a need for secure methods and systems for storing and distributing GTKs. The present invention fulfills this need among others.